Ugur_Urel
Explorer

User web activity application detection

Hi all,

In the "Application and URL Filtering" report of SmartEvent, in the "high bandwidth user" view, for some users we see applications like "HTTP/2 over TLS" and "SSL Protocol". Besides these applications we can also see applications like YouTube, Facebook, etc. (I have attached a picture from an example report.)

What we want to understand is what kind of access generates this traffic ("HTTP/2 over TLS" and "SSL Protocol"). These applications seem like protocols, not applications, so instead of these shouldn't we see the real application/site?

3 Replies
PhoneBoy
Admin

HTTP2 comes from web browsers.
SSL shows for things that aren't necessarily web browsers but are clearly communicating using it.
Would need to see screenshots of example logs and the relevant matched rule(s) to comment further.
Chris_Atkinson
Employee

For additional context, is the gateway configured for HTTPS inspection, and what version is it installed with, R80.30 (with SNI)?

CCSM R77/R80/ELITE
Ugur_Urel
Explorer

Hi,

 

Thank you for the replies. I have attached some logs and the relevant rule. In the rule "Genel Erisi..." is a site group and contains some URL categories.

Gateway is configured for HTTPS inspection and running on R77.30. But I'm not sure about SNI; where can I check if SNI is enabled?
